If you’re looking to deliver malware that effectively evades detection, your best bet is to deploy it using run-of-the-mill File Transfer Protocol (FTP). Malware let loose in this fashion evaded detection by traditional antivirus measures 95 percent of the time for more than 30 days, according to a new report [PDF]. The inaugural Modern Malware Review, issued [...]
22 May 2013
On July 1, 2012, requirement 6.2.a went from a “best practice” to an official requirement. Since v2.0 of the PCI DSS was issued, there has been a very active discussion regarding what the PCI SSC was trying to get at with this revision. But it is not just requirement 6.2 that is involved in this [...]
21 May 2013
Satyendra Singh Hackers are always finding ways to circumvent security and abuse the programs companies rely on to function in the Internet age to gain access to sensitive information. Frequently, the tools we use are the sources of vulnerabilities in a system. This does not mean we should abandon the tools, nor does it mean [...]
20 May 2013
The U.S. Department of Health and Human Services is investigating allegations that proprietary information from Monroeville’s 911 dispatch center was released in violation of federal privacy law. An August 2012 complaint to the department’s Office for Civil Rights alleged the municipality’s emergency management service provided health information protected under the federal Health Insurance Portability and [...]
17 May 2013
Overview In the past four years there have been several major cyber attacks against South Korea. We have identified a particular back door (Backdoor.Prioxer) that surfaced during the 2011 attacks. A modified version of this back door was also discovered during the 2013 attacks. The back door is based on publicly available code, but there [...]
16 May 2013
Satyendra Singh Cross-platform vulnerabilities are becoming the tool of choice for malware creators and hackers. These malicious attackers seek out programs and functions that are widely used, spread across at least the three major platforms, and provide some method of gaining control over or access to the target’s computer. A few programs have shown themselves [...]
15 May 2013
Complying with the HIPAA Omnibus Rule requires careful planning, says John Pritchard, information security manager at St. Charles Health System in Oregon. That’s why he helped formed a task force to lead the effort. “We’re going to look at individual things that are published within the final rule and figure out how we’re going to respond to [...]
14 May 2013
Satyendra Singh With the plethora of information security options that are available, it can be difficult to determine what services your system needs. More complicated configurations beyond a simple LAN can provide other considerations. Most people with a basic grasp of how the Internet works understand that a firewall is necessary to protect your electronics, [...]
13 May 2013
Our phones have been ringing off the hook the past few weeks (which is a good thing!) and we anticipate that this will continue as customers, prospects and partners work to get their arms around the new U.S. Department of Health and Human Services (HHS) Health Insurance Portability and Accountability Act (HIPAA) Omnibus Rule that [...]
10 May 2013
The University of Mississippi Medical Center (UMMC) is notifying patients who visited UMMC between 2008 and January 2013 that their health information may have been stored on a laptop computer that’s “missing.” Apparently, the device was not protected with laptop encryption like AlertBoot, which may have been a result of the laptop being “a shared device, used [...]
